ndly way that would allow its 130,000 users to securely work anywhere, from any device, without friction. By leveraging its own Duo Passwordless, the team was able to eliminate phishable multi-factor authentication factors, improve usability and productivity, reduce authentication actions by 93%, and secure its workforce from anywhere.
At Cisco, securing our workplace for the future means continuously adapting to technological advancements and staying ahead of the threat landscape. Leveraging our own suite of security products, including Duo, has been key in helping us do that.
When most of our workforce worked remotely during the pandemic, we implemented Duo Beyond and moved from a traditional network-based perimeter and VPN model to a zero-trust framework so that users could securely work anywhere, from any device, without friction.
Today, our zero-trust journey continues as we strive to meet the security needs of today while adapting for what’s next with Duo Passwordless. Identity is now the perimeter—the first line of defense against cyber threats. With most data breaches coming from weak or stolen credentials, it’s clear that the future requires passwordless authentication.
To put it simply, passwords are an easy target for hackers. Once the gold standard for protecting sensitive information, passwords are now outdated and vulnerable in the ever-evolving threat landscape. They’re highly susceptible to phishing attacks, can be easily forgotten, and often lead to user frustration that brings an influx of password-related help desk tickets to IT teams.
When plagued by password fatigue, users are inclined to use weak, reused, or only slightly modified passwords across different accounts. Good password management is hard and difficult to enforce, and prior to using Duo Passwordless, Cisco IT struggled to manage these challenges across a massive workforce spanning more than 130,000 users.
As a large company and a leader in technology, a compromise in our security can have a major impact on our business and our innovation. If attackers obtain sensitive information such as source code, internal system details, customer data, or intellectual property, it puts at risk not only our business and employees but also the customers who rely on our technology. We needed to adapt our approach to authentication to mitigate the password-related security risks to our business and the challenges faced by our employees and support teams.
Authentication has evolved as cybercrime has become more and more sophisticated. We started with “something you know,” or a username and password. We added MFA, which combines “something you know” with “something you have” or “are” like a device or fingerprint. While stronger than a username and password alone, the “something you know” factor of a password remained susceptible to vulnerabilities.
We began working closely with the Duo product team to take a user-friendly, zero trust approach that not only enhanced security but also improved the user experience. To do this, we implemented Duo Passwordless. It wasn’t just about improving security, but at the same time cultivating a seamless experience that would better serve our customers and employees both now and into the future.
While Duo Passwordless is still MFA, it takes it a step further and combines the experience into one step, making for a smoother user experience. It relies on cryptographic public-private key pairs, utilizing biometrics (such as fingerprint or facial recognition) or security keys like YubiKeys to authenticate users without the need for passwords.
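The key-pair flow described above can be modelled as a signed challenge. This is an added example, not Duo's or Cisco's code: a simplified FIDO2/WebAuthn-style exchange in which the origins, function names and message layout are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Enroll creates the device key pair; only the public half goes to the server.
func Enroll() *ecdsa.PrivateKey {
	return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
}

// NewChallenge is server-side: a fresh random value for every login attempt.
func NewChallenge() []byte {
	c := make([]byte, 32)
	must(rand.Read(c))
	return c
}

// digest binds the challenge to the origin the browser reports (simplified model).
func digest(origin string, challenge []byte) []byte {
	sum := sha256.Sum256(append([]byte(origin+"\x00"), challenge...))
	return sum[:]
}

// Sign runs on the user's device after the biometric or PIN check (not modelled).
func Sign(priv *ecdsa.PrivateKey, origin string, challenge []byte) []byte {
	return must(ecdsa.SignASN1(rand.Reader, priv, digest(origin, challenge)))
}
// Verify runs on the server, which holds no secret: only the public key.
func Verify(pub *ecdsa.PublicKey, origin string, challenge, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(origin, challenge), sig)
}

func main() {
	priv, site, c := Enroll(), "https://sso.example", NewChallenge() // constructed origin
	fmt.Println("genuine:", Verify(&priv.PublicKey, site, c, Sign(priv, site, c)))
	fmt.Println("look-alike:", Verify(&priv.PublicKey, site, c, Sign(priv, "https://sso-login.example", c)))
	fmt.Println("replayed:", Verify(&priv.PublicKey, site, NewChallenge(), Sign(priv, site, c)))
}
```

Only the genuine case verifies: a signature produced for a look-alike origin or for an earlier challenge fails, and there is no shared secret for a user to type into the wrong page.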
As “customer zero” for Duo Passwordless, we had the ability to test and improve the technology through early pilot programs before release. Using a multi-phased approach, we started with a small group of IT and security staff, improving performance and functionality through feedback before gradually expanding to the full workforce over 10 months. The knowledge gained from initial pilot groups and insights into how different users would be impacted helped shape our approach to communicating the changes with our workforce.
Through careful collaboration between teams across our organization, Cisco IT Security and the Security and Trust Organization (S&TO) began driving the direction of our passwordless future. My team within IT Security served as the main drivers behind this effort, with S&TO providing change management support, and IT UX, IT Comms, and IT Research & Analytics supporting as needed. Help@Cisco also played a role once we shifted to mandatory passwordless only for key apps, managing the support process for our internal users so service teams could focus on the operation and improvement of the product.
While the full rollout has seen high levels of organic workforce enrollment with limited promotion, there were some challenges with adoption. Many users reported initial concerns with utilizing biometrics. For example, Windows Hello users who didn’t log in with biometrics by default simply didn’t know to set it up. Unless specifically told, users in this situation did not realize biometrics were an option for them.
To remedy this, we focused on employee education around how biometrics are used, where they’re stored, and the value of shifting to passwordless authentication. In addition, we provided alternatives to biometrics. For example, on Windows, users can use a PIN. If they don’t like platform-based authenticators, they can use a YubiKey with a PIN or set up a passkey on a mobile device.
Also important to note, we did not initially mandate the move to passwordless. Our approach to encouraging employee adoption and change was shaped by our commitment to delivering the best user experience. We wanted to deliver services and technology that acted as a magnet for adoption rather than a mandate.
Now that we are further into our journey, we have started Passwordless Only enforcement on certain apps. The slower but at-will transition allowed organic adoption and helped get people comfortable with the new technology prior to making the practice mandatory.
Since the passwordless solution was made available to the entire workforce, we’ve seen substantial benefits including:
While there is a long road ahead of a full industry shift away from passwords entirely, this has primarily been about changing the experience for our workforce today and mitigating potential future threats for our business. Preparing for a completely passwordless future is a journey that we continue to build and improve on, including:
Learn more about Duo Passwordless Authentication, our journey, and the powerful combination of Cisco Secure Access and Duo. For Cisco employees, learn how to set up passwordless on your Cisco device here.
Additional Resources:
You’ll have a special opportunity to talk live with Cisco IT experts to dive into these success stories and other deployments! Look for Cisco on Cisco in each of the showcases and be sure to search Cisco on Cisco in the session catalog to add our sessions to your schedule!